The following issues were found
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
5 issues
Line: 387
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
cmd->u.tx_can.data[5] = cf->len;
memcpy(&cmd->u.tx_can.data[6], cf->data, cf->len);
if (cf->can_id & CAN_RTR_FLAG)
*cmd_tx_can_flags |= MSG_FLAG_REMOTE_FRAME;
}
return cmd;
Reported by FlawFinder.
Line: 437
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (tmp->id == id) {
memcpy(cmd, tmp, tmp->len);
goto end;
}
pos += tmp->len;
}
Reported by FlawFinder.
Line: 731
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stats->rx_dropped++;
return;
}
memcpy(cf, &tmp_cf, sizeof(*cf));
if (new_state != old_state) {
if (es->status &
(M16C_STATE_BUS_OFF | M16C_STATE_BUS_RESET)) {
if (!priv->can.restart_ms)
Reported by FlawFinder.
Line: 986
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cmd->u.leaf.log_message.flags & MSG_FLAG_REMOTE_FRAME)
cf->can_id |= CAN_RTR_FLAG;
else
memcpy(cf->data, &cmd->u.leaf.log_message.data,
cf->len);
} else {
cf->can_id = ((rx_data[0] & 0x1f) << 6) | (rx_data[1] & 0x3f);
if (cmd->id == CMD_RX_EXT_MESSAGE) {
Reported by FlawFinder.
Line: 1004
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cmd->u.rx_can_header.flag & MSG_FLAG_REMOTE_FRAME)
cf->can_id |= CAN_RTR_FLAG;
else
memcpy(cf->data, &rx_data[6], cf->len);
}
stats->rx_packets++;
stats->rx_bytes += cf->len;
netif_rx(skb);
Reported by FlawFinder.
drivers/mfd/rave-sp.c
5 issues
Line: 366
CWE codes:
562
mutex_lock(&sp->bus_lock);
mutex_lock(&sp->reply_lock);
sp->reply = &reply;
mutex_unlock(&sp->reply_lock);
data[0] = command;
data[1] = ackid;
Reported by Cppcheck.
Line: 88
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct rave_sp_deframer {
enum rave_sp_deframer_state state;
unsigned char data[RAVE_SP_RX_BUFFER_SIZE];
size_t length;
};
/**
* struct rave_sp_reply - Reply as per RAVE device protocol
Reported by FlawFinder.
Line: 285
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rave_sp_write(struct rave_sp *sp, const u8 *data, u8 data_size)
{
const size_t checksum_length = sp->variant->checksum->length;
unsigned char frame[RAVE_SP_TX_BUFFER_SIZE];
unsigned char crc[RAVE_SP_CHECKSUM_SIZE];
unsigned char *dest = frame;
size_t length;
if (WARN_ON(checksum_length > sizeof(crc)))
Reported by FlawFinder.
Line: 286
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const size_t checksum_length = sp->variant->checksum->length;
unsigned char frame[RAVE_SP_TX_BUFFER_SIZE];
unsigned char crc[RAVE_SP_CHECKSUM_SIZE];
unsigned char *dest = frame;
size_t length;
if (WARN_ON(checksum_length > sizeof(crc)))
return -ENOMEM;
Reported by FlawFinder.
Line: 420
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* We are relying on memcpy(dst, src, 0) to be a no-op
* when handling commands that have a no-payload reply
*/
memcpy(reply->data, &data[2], reply->length);
complete(&reply->received);
sp->reply = NULL;
} else {
dev_err(dev, "Ignoring incorrect reply\n");
dev_dbg(dev, "Code: expected = 0x%08x received = 0x%08x\n",
Reported by FlawFinder.
drivers/net/ethernet/cirrus/cs89x0.c
5 issues
Line: 523
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
writereg(dev, PP_LineCTL, readreg(dev, PP_LineCTL) | SERIAL_TX_ON);
memcpy(test_packet, dev->dev_addr, ETH_ALEN);
memcpy(test_packet + ETH_ALEN, dev->dev_addr, ETH_ALEN);
iowrite16(TX_AFTER_ALL, lp->virt_addr + TX_CMD_PORT);
iowrite16(ETH_ZLEN, lp->virt_addr + TX_LEN_PORT);
Reported by FlawFinder.
Line: 524
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
writereg(dev, PP_LineCTL, readreg(dev, PP_LineCTL) | SERIAL_TX_ON);
memcpy(test_packet, dev->dev_addr, ETH_ALEN);
memcpy(test_packet + ETH_ALEN, dev->dev_addr, ETH_ALEN);
iowrite16(TX_AFTER_ALL, lp->virt_addr + TX_CMD_PORT);
iowrite16(ETH_ZLEN, lp->virt_addr + TX_LEN_PORT);
/* Test to see if the chip has allocated memory for the packet */
Reported by FlawFinder.
Line: 1230
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (netif_running(dev))
return -EBUSY;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
cs89_dbg(0, debug, "%s: Setting MAC address to %pM\n",
dev->name, dev->dev_addr);
/* set the Ethernet address */
Reported by FlawFinder.
Line: 1657
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!dev)
return ERR_PTR(-ENODEV);
sprintf(dev->name, "eth%d", unit);
netdev_boot_setup_check(dev);
io = dev->base_addr;
irq = dev->irq;
cs89_dbg(0, info, "cs89x0_probe(0x%x)\n", io);
Reported by FlawFinder.
Line: 1699
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int io;
static int irq;
static int debug;
static char media[8];
static int duplex = -1;
static int use_dma; /* These generate unused var warnings if ALLOW_DMA = 0 */
static int dma;
static int dmasize = 16; /* or 64 */
Reported by FlawFinder.
drivers/mmc/host/omap.c
5 issues
Line: 313
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mmc_host *mmc = container_of(dev, struct mmc_host, class_dev);
struct mmc_omap_slot *slot = mmc_priv(mmc);
return sprintf(buf, "%s\n", mmc_omap_cover_is_open(slot) ? "open" :
"closed");
}
static DEVICE_ATTR(cover_switch, S_IRUGO, mmc_omap_show_cover_switch, NULL);
Reported by FlawFinder.
Line: 326
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mmc_host *mmc = container_of(dev, struct mmc_host, class_dev);
struct mmc_omap_slot *slot = mmc_priv(mmc);
return sprintf(buf, "%s\n", slot->pdata->name);
}
static DEVICE_ATTR(slot_name, S_IRUGO, mmc_omap_show_slot_name, NULL);
static void
Reported by FlawFinder.
Line: 709
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < ARRAY_SIZE(mmc_omap_status_bits); i++)
if (status & (1 << i))
buf += sprintf(buf, " %s", mmc_omap_status_bits[i]);
dev_vdbg(mmc_dev(host->mmc), "%s\n", res);
}
#else
static void mmc_omap_report_irq(struct mmc_omap_host *host, u16 status)
{
Reported by FlawFinder.
Line: 703
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"CCRC", "CRW", "AF", "AE", "OCRB", "CIRQ", "CERR"
};
int i;
char res[64], *buf = res;
buf += sprintf(buf, "MMC IRQ 0x%x:", status);
for (i = 0; i < ARRAY_SIZE(mmc_omap_status_bits); i++)
if (status & (1 << i))
Reported by FlawFinder.
Line: 705
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i;
char res[64], *buf = res;
buf += sprintf(buf, "MMC IRQ 0x%x:", status);
for (i = 0; i < ARRAY_SIZE(mmc_omap_status_bits); i++)
if (status & (1 << i))
buf += sprintf(buf, " %s", mmc_omap_status_bits[i]);
dev_vdbg(mmc_dev(host->mmc), "%s\n", res);
Reported by FlawFinder.
drivers/md/dm-thin.c
5 issues
Line: 2837
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct block_device *data_bdev = pt->data_dev->bdev;
struct queue_limits *data_limits = &bdev_get_queue(data_bdev)->limits;
const char *reason = NULL;
char buf[BDEVNAME_SIZE];
if (!pt->adjusted_pf.discard_passdown)
return;
if (!data_dev_supports_discard(pt))
Reported by FlawFinder.
Line: 3221
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void warn_if_metadata_device_too_big(struct block_device *bdev)
{
sector_t metadata_dev_size = get_dev_size(bdev);
char buffer[BDEVNAME_SIZE];
if (metadata_dev_size > THIN_METADATA_MAX_SECTORS_WARNING)
DMWARN("Metadata device %s is larger than %u sectors: excess space will not be used.",
bdevname(bdev, buffer), THIN_METADATA_MAX_SECTORS);
}
Reported by FlawFinder.
Line: 3908
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dm_block_t nr_blocks_metadata;
dm_block_t held_root;
enum pool_mode mode;
char buf[BDEVNAME_SIZE];
char buf2[BDEVNAME_SIZE];
struct pool_c *pt = ti->private;
struct pool *pool = pt->pool;
switch (type) {
Reported by FlawFinder.
Line: 3909
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dm_block_t held_root;
enum pool_mode mode;
char buf[BDEVNAME_SIZE];
char buf2[BDEVNAME_SIZE];
struct pool_c *pt = ti->private;
struct pool *pool = pt->pool;
switch (type) {
case STATUSTYPE_INFO:
Reported by FlawFinder.
Line: 4386
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int r;
ssize_t sz = 0;
dm_block_t mapped, highest;
char buf[BDEVNAME_SIZE];
struct thin_c *tc = ti->private;
if (get_pool_mode(tc->pool) == PM_FAIL) {
DMEMIT("Fail");
return;
Reported by FlawFinder.
drivers/media/pci/solo6x10/solo6x10-g723.c
5 issues
Line: 375
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strscpy(card->driver, SOLO6X10_NAME, sizeof(card->driver));
strscpy(card->shortname, "SOLO-6x10 Audio", sizeof(card->shortname));
sprintf(card->longname, "%s on %s IRQ %d", card->shortname,
pci_name(solo_dev->pdev), solo_dev->pdev->irq);
ret = snd_device_new(card, SNDRV_DEV_LOWLEVEL, solo_dev, &ops);
if (ret < 0)
goto snd_error;
Reported by FlawFinder.
Line: 253
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(dst, solo_pcm->g723_buf, G723_PERIOD_BYTES);
dst += G723_PERIOD_BYTES;
}
return 0;
}
Reported by FlawFinder.
Line: 339
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0, ss = pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream;
ss; ss = ss->next, i++)
sprintf(ss->name, "Camera #%d Audio", i);
snd_pcm_set_managed_buffer_all(pcm,
SNDRV_DMA_TYPE_CONTINUOUS,
NULL,
G723_PERIOD_BYTES * PERIODS,
Reported by FlawFinder.
Line: 357
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct snd_device_ops ops = { };
struct snd_card *card;
struct snd_kcontrol_new kctl;
char name[32];
int ret;
atomic_set(&solo_dev->snd_users, 0);
/* Allows for easier mapping between video and audio */
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
atomic_set(&solo_dev->snd_users, 0);
/* Allows for easier mapping between video and audio */
sprintf(name, "Softlogic%d", solo_dev->vfd->num);
ret = snd_card_new(&solo_dev->pdev->dev,
SNDRV_DEFAULT_IDX1, name, THIS_MODULE, 0,
&solo_dev->snd_card);
if (ret < 0)
Reported by FlawFinder.
drivers/net/ethernet/cadence/macb_main.c
5 issues
Line: 316
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr[5] = (top >> 8) & 0xff;
if (is_valid_ether_addr(addr)) {
memcpy(bp->dev->dev_addr, addr, sizeof(addr));
return;
}
}
dev_info(&bp->pdev->dev, "invalid hw address, using random\n");
Reported by FlawFinder.
Line: 2913
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bp = netdev_priv(dev);
gem_update_stats(bp);
memcpy(data, &bp->ethtool_stats, sizeof(u64)
* (GEM_STATS_LEN + QUEUE_STATS_LEN * MACB_MAX_QUEUES));
}
static int gem_get_sset_count(struct net_device *dev, int sset)
{
Reported by FlawFinder.
Line: 2931
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void gem_get_ethtool_strings(struct net_device *dev, u32 sset, u8 *p)
{
char stat_string[ETH_GSTRING_LEN];
struct macb *bp = netdev_priv(dev);
struct macb_queue *queue;
unsigned int i;
unsigned int q;
Reported by FlawFinder.
Line: 2940
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (sset) {
case ETH_SS_STATS:
for (i = 0; i < GEM_STATS_LEN; i++, p += ETH_GSTRING_LEN)
memcpy(p, gem_statistics[i].stat_string,
ETH_GSTRING_LEN);
for (q = 0, queue = bp->queues; q < bp->num_queues; ++q, ++queue) {
for (i = 0; i < QUEUE_STATS_LEN; i++, p += ETH_GSTRING_LEN) {
snprintf(stat_string, ETH_GSTRING_LEN, "q%d_%s",
Reported by FlawFinder.
Line: 2947
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < QUEUE_STATS_LEN; i++, p += ETH_GSTRING_LEN) {
snprintf(stat_string, ETH_GSTRING_LEN, "q%d_%s",
q, queue_statistics[i].stat_string);
memcpy(p, stat_string, ETH_GSTRING_LEN);
}
}
break;
}
}
Reported by FlawFinder.
drivers/mfd/88pm860x-i2c.c
5 issues
Line: 86
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int read_device(struct i2c_client *i2c, int reg,
int bytes, void *dest)
{
unsigned char msgbuf0[I2C_SMBUS_BLOCK_MAX + 3];
unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX + 2];
struct i2c_adapter *adap = i2c->adapter;
struct i2c_msg msg[2] = {
{
.addr = i2c->addr,
Reported by FlawFinder.
Line: 87
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int bytes, void *dest)
{
unsigned char msgbuf0[I2C_SMBUS_BLOCK_MAX + 3];
unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX + 2];
struct i2c_adapter *adap = i2c->adapter;
struct i2c_msg msg[2] = {
{
.addr = i2c->addr,
.flags = 0,
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (bytes > 0)
num = 2;
ret = adap->algo->master_xfer(adap, msg, num);
memcpy(dest, msgbuf1, bytes);
if (ret < 0)
return ret;
return 0;
}
Reported by FlawFinder.
Line: 122
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int write_device(struct i2c_client *i2c, int reg,
int bytes, void *src)
{
unsigned char buf[2];
struct i2c_adapter *adap = i2c->adapter;
struct i2c_msg msg;
int ret;
buf[0] = (unsigned char)reg;
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int ret;
buf[0] = (unsigned char)reg;
memcpy(&buf[1], src, bytes);
msg.addr = i2c->addr;
msg.flags = 0;
msg.len = bytes + 1;
msg.buf = buf;
Reported by FlawFinder.
drivers/message/fusion/mptscsih.c
5 issues
Line: 2066
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
ioc->taskmgmt_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
memcpy(ioc->taskmgmt_cmds.reply, mr,
min(MPT_DEFAULT_FRAME_SIZE, 4 * mr->u.reply.MsgLength));
out:
if (ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_PENDING) {
mpt_clear_taskmgmt_in_progress_flag(ioc);
ioc->taskmgmt_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
Reported by FlawFinder.
Line: 2425
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the sense received into the scsi command block. */
req_index = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
sense_data = ((u8 *)ioc->sense_buf_pool + (req_index * MPT_SENSE_BUFFER_ALLOC));
memcpy(sc->sense_buffer, sense_data, MPT_SENSE_BUFFER_ALLOC);
/* Log SMART data (asc = 0x5D, non-IM case only) if required.
*/
if ((ioc->events) && (ioc->eventTypes & (1 << MPI_EVENT_SCSI_DEVICE_STATUS_CHANGE))) {
if ((sense_data[12] == 0x5D) && (vdevice->vtarget->raidVolume == 0)) {
Reported by FlawFinder.
Line: 2643
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ioc->internal_cmds.completion_code =
mptscsih_get_completion_code(ioc, req, reply);
ioc->internal_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
memcpy(ioc->internal_cmds.reply, reply,
min(MPT_DEFAULT_FRAME_SIZE, 4 * reply->u.reply.MsgLength));
cmd = reply->u.hdr.Function;
if (((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) ||
(cmd == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) &&
(pReply->SCSIState & MPI_SCSI_STATE_AUTOSENSE_VALID)) {
Reported by FlawFinder.
Line: 2654
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(req_idx * MPT_SENSE_BUFFER_ALLOC));
sz = min_t(int, pReq->SenseBufferLength,
MPT_SENSE_BUFFER_ALLOC);
memcpy(ioc->internal_cmds.sense, sense_data, sz);
}
out:
if (!(ioc->internal_cmds.status & MPT_MGMT_STATUS_PENDING))
return 0;
ioc->internal_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
Reported by FlawFinder.
Line: 3216
Column: 9
CWE codes:
126
ioc->debug_level = val;
printk(MYIOC_s_INFO_FMT "debug_level=%08xh\n",
ioc->name, ioc->debug_level);
return strlen(buf);
}
static DEVICE_ATTR(debug_level, S_IRUGO | S_IWUSR,
mptscsih_debug_level_show, mptscsih_debug_level_store);
struct device_attribute *mptscsih_host_attrs[] = {
Reported by FlawFinder.
drivers/media/test-drivers/vicodec/vicodec-core.c
5 issues
Line: 192
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (i = 0; i < state->visible_height / h_div; i++) {
memcpy(row_ref, row_cap, ref_stride);
row_ref += ref_stride;
row_cap += cap_stride;
}
cap += cap_stride * (state->coded_height / h_div);
p_ref += ref_stride * (state->coded_height / h_div);
Reported by FlawFinder.
Line: 373
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (*pp + sz - p < copy)
copy = *pp + sz - p;
memcpy(header + ctx->comp_magic_cnt, p, copy);
ctx->comp_magic_cnt += copy;
if (!memcmp(header, magic, ctx->comp_magic_cnt)) {
p += copy;
state = VB2_BUF_STATE_DONE;
break;
Reported by FlawFinder.
Line: 395
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (*pp + sz - p < copy)
copy = *pp + sz - p;
memcpy(header + ctx->header_size, p, copy);
p += copy;
ctx->header_size += copy;
}
*pp = p;
return state;
Reported by FlawFinder.
Line: 628
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy > p_src + sz - p)
copy = p_src + sz - p;
memcpy(ctx->state.compressed_frame + ctx->comp_size,
p, copy);
p += copy;
ctx->comp_size += copy;
if (ctx->comp_size < max_to_copy) {
if (v4l2_m2m_is_last_draining_src_buf(ctx->fh.m2m_ctx,
Reported by FlawFinder.
Line: 1614
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->comp_size > ctx->comp_max_size)
ctx->comp_size = ctx->comp_max_size;
memcpy(new_comp_frame,
state->compressed_frame, ctx->comp_size);
}
kvfree(state->compressed_frame);
state->compressed_frame = new_comp_frame;
Reported by FlawFinder.